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REMARKS 

Petition for Extension of Time Under 37 CFR 1.136(a) 

It is hereby requested that the term to respond to the Office Action of 
May 22, 2009 be extended one month, from August 22, 2009 to September 22, 
2009. 

The Commissioner is hereby authorized to charge the extension fee, and 
any additional fees associated with this communication to Deposit Account No. 
50-4364. 

In the Office Action, the Office indicated that claims 1 through 1 1 are pending in the 
application and the Office rejected all of the claims. 

Claim Objection 

On page 2 of the Office Action, the Office objected to claim 4 as being of improper 
dependent form. Applicant has cancelled claim 4. Accordingly, this objection is rendered moot. 

Rejections under 35 U.S.C. §§102 and 103 

On page 2 of the Office Action, the Office rejected claims 1-4 and 8-1 lunder 35 U.S.C. 
§ 1 02(e) as being anticipated by U.S. Patent Application Publication No. 2004/0205 1 76 to Ting et 
al. 

On page 4 of the Office Action, the Office rejected claim 5-7 under 35 U.S.C. § 103(a) as 
being obvious over Ting in view of U.S. Patent Application Publication No. 2003/0074552 to 
Olkinetal. 
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The Cited Prior Art Does Not Anticipate the Claimed Invention 

The MPEP and case law provide the following definition of anticipation for the 

purposes of 35 U.S.C. §102: 

"A claim is anticipated only if each and every element as set forth in the claim 
is found, either expressly or inherently described, in a single prior art 
reference." {Verdegaal Bros. v. Union Oil Co. of California, 814 F.2d 628, 
631 (Fed. Cir. 1987) M.P.E.P. §2131. 

As stated in Applicant's previous Reply, the claimed invention is predicated on the basis 
that a user must authenticate him/herself to a device, in order to carry out a particular operation, 
only if certain conditions apply. The conditions are the amount of time elapsed since the last 
authentication of the user occurred, and the type of operation being requested by the user. 

The type of operation is significant, because if it is an operation that requires, for 
example, little or no security clearance (e.g., reading an email), the time between repeat 
authentications being required may be relatively long. However, if the type of operation requires 
substantial security clearance, for example, making purchases or other financial transactions, then 
the time between repeat authentications being required may be relatively short, or even zero, such 
that authentication is required every time. 

The above is described in the U.S. patent publication corresponding to this application 
(US 2007/028901 1) in paragraphs 0033 and 0034. A key feature of the invention is, therefore, 
the type of operation being requested. This feature is clearly recited in claim 1 . 



In rejecting claim 1, the Office refers to paragraph [0009] of Ting as teaching the 
claimed element: ". . .enabling the requested operation by determining the type of operation 



Ting 
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being requested by the user and enabling the operation only if the determined time period is 
valid for the type of operation requested by the user." This assertion by the Office is 
incorrect, as nowhere in Ting is there any teaching or even suggestion of (a) determining the 
type of operation being requested by the user, or (b) enabling the operation only if the 
determined time period is valid for the type of operation requested by the user. 

First, it is noted that the present application claims the determination of the type of 
operation requested by the user, and discloses in paragraph [0033] examples including an 
operation of a high-security type, such as a financial transaction, and an operation of a low- 
security type, such as reading an email. Nothing in Ting remotely teaches or suggests such a 
concept; Ting merely states in paragraph [0009] that access privileges may be revoked as a 
result of one or more trigger events, such as a broken communication connection, a changed 
password, the passage of time, or a sequence of events at the client or in the application. 
Nothing in this paragraph or anywhere else in Ting mentions anything about determining the 
type of operation being requested by the user as defined and claimed in the present 
application. 

Second, the claimed invention enables the operation requested by the user only if the 
determined time period is valid for the type of operation requested by the user. This is 
disclosed in paragraph [0034] of the present application, and examples are given in 
paragraphs [0035] through [0050]. Nowhere in Ting is there any teaching or suggestion of 
this claimed feature; again, paragraph [0009] of Ting merely states that access privileges may 
be revoked as a result of one or more trigger events, such as a broken communication 
connection, a changed password, the passage of time, or a sequence of events at the client or 
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in the application. Nowhere is there any discussion of controlling the enabling of a requested 
operation by only allowing the operation to proceed if an indentified time period elapsing is 
the appropriate time period for the type of operation requested. At best, Ting indicates that if 
a time period expires, OR if a communication connection has been broken, OR if a password 
has expired, OR if a password has been changed, OR if an unidentified sequence of events at 
the client, the application, or both has occurred, then a user can be made to re-authenticate 
their identity. 

To summarize, Paragraph 9 in Ting describes trigger events stored in user profile based 
on which the user is required to re-authenticate their identity. According to this paragraphia user 
will be required to re-authenticate all the applications that are linked to his profile after the 
passage of time (or any other trigger event) set by the user. However, paragraphs 9 fails to 
describe that the user will be required to re-authenticate if the passage time is valid for the type of 
operation requested by the user. 

Paragraph 9 in Ting can be understood with help of the following example: 

1 . Passage of time is set to 1 hour 

2. User signs a social networking site - Operation A 

3. 10 minutes later user signs an email - Operation B. The user is not asked to 
reauthenticate as the passage of time has not expired. 

4. 65 minutes later user signs another email - Operation B. The user is asked to 
reauthenticate as the passage of time has expired. 

5. 20 minutes later user tries to make a financial operation - Action C. The user is 
not asked to reauthenticate as the passage time has not expired. 

It is apparent from the above example that the passage time in Ting is common for all 
operations and is not dependent on the type of operation. Hence, operations A, B, and C can 
be carried out as long as the passage time has not expired. Since the operation C described 
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above is more sensitive/critical than operations A and B, its security can be compromised. 
The claimed invention solves this problem by authenticating a user based on the type of 
operation to be performed. 

Each of the above elements are specifically claimed in the independent claim, and this 
in all of the claims. Since these claimed elements are neither taught nor suggested by Ting,- 
all of the claims are in allowable condition. For the reasons set forth above, the Examiner is 
respectfully requested to reconsider and withdraw the rejection of the claims under 35 U.S.C. 
§102. 

Claims 5-7 

Claims 5-7 are rejected under 35 U.S.C. §103 based on a proposed combination of Ting 
and Olkin. First, it is noted that claims 5-7 inherit the limitations of claim 1 and are thus 
patentable for the reasons set forth above regarding claim 1. Further, however, the addition of 
Olin does not teach or suggest the elements lacking in Ting as described above, and thus there is 
no teaching ot suggestion to combine Ting and Olkin to achieve the invention of claims 5-7. 
Accordingly, the Office is respectfully requested to reconsider and withdraw the rejection of 
claims 5-7 under 35 U.S.C. §103. 
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Conclusion 

The present invention is not taught or suggested by the prior art. Accordingly, the 
Examiner is respectfully requested to reconsider and withdraw the rejection of the claims. An 
early Notice of Allowance is earnestly solicited. 

The Commissioner is hereby authorized to charge the extension fee and any additional 
fees associated with this communication to applicant's Deposit Account No. 50-4364. 



SAUL EWTNG LLP 
Centre Square West 
1500 Market Street, 38 th Floor 
Philadelphia, PA 1 9 1 02-2 1 89 
Telephone: 215 972 7880 
Facsimile: 215 972 4169 
Email: MSimpson@saul.com 



Respectfully submitted 
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Date 



Mark D. Simpson, Esquire 
Registration No. 32,942 
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